Alternatives and similar repositories for EDR-ALPC-Block-POC

Users that are interested in EDR-ALPC-Block-POC are comparing it to the libraries listed below

• mhaskar / FsquirtCPLPoC
  PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin
  ☆121Updated last month
• NUL0x4C / HookingLsassForCredentials
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆61Updated 9 months ago
• passthehashbrowns / VectoredExceptionHandling
  ☆106Updated last year
• susMdT / ForsHops
  ForsHops
  ☆59Updated 10 months ago
• Faran-17 / Hellshazzard
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆84Updated last year
• klezVirus / RpcProxyInvoke
  Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar
  ☆136Updated last year
• kr0tt / EarlyExceptionHandling
  Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH
  ☆136Updated 5 months ago
• decoder-it / RelabelAbuse
  ☆64Updated last year
• lap1nou / CLR_Heap_encryption
  ☆100Updated 2 years ago
• ameenalkerdy / ETWShellcodeLoader
  Shellcode Loader Utilizing ETW Events
  ☆67Updated 11 months ago
• entropy-z / PostEx-Arsenal
  Arsenal of modules to beacon postex
  ☆94Updated 2 months ago
• internetangel / ZeroCrumb
  Dumping App Bound Protected Credentials & Cookies Without Privileges.
  ☆166Updated 8 months ago
• NtDallas / OdinLdr
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆182Updated 3 weeks ago
• VirtualAlllocEx / HWBP-DEP-Bypass
  Educational proof-of-concept demonstrating DEP/NX bypass using hardware breakpoints, vectored exception handling, and instruction emulati…
  ☆97Updated 3 months ago
• SafeBreach-Labs / RPC-Racer
  Toolset to manipulate RPC clients by finding delayed services and masquerading as them
  ☆107Updated 5 months ago
• outflanknl / seccomp-notify-injection
  Linux Process Injection via Seccomp Notifier
  ☆81Updated 2 months ago
• passthehashbrowns / Being-A-Good-CLR-Host
  ☆86Updated last year
• Crowdfense / CVE-2024-21338
  Windows AppLocker Driver (appid.sys) LPE
  ☆73Updated last year
• MEhrn00 / boflink
  Linker for Beacon Object Files
  ☆149Updated this week
• ghostbyt3 / WinDriver-EXP
  This repo contains PoCs for vulnerable Windows drivers.
  ☆126Updated last month
• pygrum / gimmick
  Section-based payload obfuscation technique for x64
  ☆64Updated last year
• wolfcod / lsassdump
  lsassdump via RtlCreateProcessReflection and NanoDump
  ☆84Updated last year
• Teach2Breach / stargate
  Locate dlls and function addresses without PEB Walk and EAT parsing
  ☆104Updated 3 months ago
• cbwang505 / FilesystemEoPDesktopSystemShell
  Folder Or File Delete to Get System Shell on Current Session Desktop
  ☆47Updated last year
• tijme / nimplant-beacon-position-independent-c-code
  A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.
  ☆66Updated last year
• EvilBytecode / CustomDpapi
  Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData!
  ☆66Updated last week
• fern89 / ghostwriting-2
  A process injection technique using only thread context manipulation
  ☆41Updated 2 years ago
• Octoberfest7 / enumhandles_BOF
  ☆126Updated last year
• Teach2Breach / pool_party_rs
  remote process injections using pool party techniques
  ☆70Updated 7 months ago
• JJK96 / PIClin
  From C, Rust or Zig to binary shellcode compiler based on Mingw gcc. It allows using Win32 APIs and standard libraries without any change…
  ☆53Updated 4 months ago